© 2010 Critical Software S.A.
Dependable Technologies For Critical Systems

Software Role in Future Space Missions
A Critical Software View

Paulo Guedes, Business Development Manager

Agenda


1962 – Mariner I Space Probe

• A bug in the flight software for the Mariner 1 causes the rocket to divert from its intended path on launch

• A formula written on paper in pencil was improperly transcribed into computer code, causing the computer to miscalculate the rocket's trajectory

• Mission control destroys the rocket over the Atlantic Ocean

"The most expensive hyphen in history" – Arthur C. Clarke

Top 10 History’s Worst Software Bugs – Wired Magazine


1988 – Phobos 1

• Loss of communication and failure to regain contact

• De-activation of attitude thrusters

• Error in the uploaded software – routine coded in PROMs

"Why would a spacecraft have instructions that turn off the attitude control, normally a fatal operation?"


1996 - Ariane 501

• Inappropriate reuse of a component in Ariane 4’s inertial reference frame software

• Lack of sufficient documentation describing the operating constraints of the software

• Unprotected conversion from a 64-bit floating point to a 16-bit signed integer value overflowed

• Top 10 History’s Worst Software Bugs *

* Wired Magazine
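The Ariane 501 bullet above describes an unprotected narrowing conversion from a 64-bit float to a 16-bit signed integer. The C program below is an added example written for this page, not code from the slides or from Critical Software. It places the unguarded cast next to a range-checked conversion that reports failure and a saturating conversion that clamps; the function names, the status enum and the sample readings are the example's own assumptions, not flight data.

```c
/* Added example (not from the slides): narrowing a 64-bit float to a
 * 16-bit signed integer with and without a range check. The readings
 * below are constructed for illustration, not Ariane flight data. */
#include <math.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unprotected conversion: the cast silently assumes the value fits.
 * In C, converting an out-of-range double to int16_t is undefined
 * behaviour, so this path must only be reached after a check.
 * It is kept here purely to contrast with the guarded versions. */
int16_t narrow_unprotected(double x) {
    return (int16_t)x;
}

typedef enum {
    NARROW_OK = 0,
    NARROW_OUT_OF_RANGE = 1,
    NARROW_NOT_A_NUMBER = 2
} narrow_status_t;

/* Guarded conversion: refuses NaN and any value whose truncation would
 * not fit in int16_t. On failure *out is left untouched and a status is
 * returned so the caller decides what to do (fall back, flag, abort). */
narrow_status_t narrow_checked(double x, int16_t *out) {
    if (isnan(x)) return NARROW_NOT_A_NUMBER;
    /* Truncation toward zero keeps every x in [-32768, 32768) in range;
     * infinities fail the comparison and are rejected too. */
    if (x < -32768.0 || x >= 32768.0) return NARROW_OUT_OF_RANGE;
    *out = (int16_t)x;
    return NARROW_OK;
}

/* Saturating conversion: clamps instead of refusing, for cases where a
 * bounded value is safer than no value at all. NaN maps to 0 by policy. */
int16_t narrow_saturating(double x) {
    if (isnan(x)) return 0;
    if (x >= (double)INT16_MAX) return INT16_MAX;
    if (x <= (double)INT16_MIN) return INT16_MIN;
    return (int16_t)x;
}

int main(void) {
    /* Constructed sample readings, including values outside int16 range. */
    const double readings[] = { 1234.9, -32768.0, 32768.0, 100000.0 };
    for (size_t i = 0; i < sizeof readings / sizeof readings[0]; i++) {
        int16_t v;
        narrow_status_t st = narrow_checked(readings[i], &v);
        printf("%10.1f -> checked: %s", readings[i],
               st == NARROW_OK ? "ok" :
               st == NARROW_OUT_OF_RANGE ? "out of range" : "NaN");
        if (st == NARROW_OK) printf(" (%d)", (int)v);
        printf(", saturating: %d\n", (int)narrow_saturating(readings[i]));
    }
    /* The unprotected cast is only exercised on a value known to fit. */
    printf("unprotected(1234.9) = %d\n", (int)narrow_unprotected(1234.9));
    return 0;
}
```

The checked variant is the one to reach for when the consumer can act on a failure; the saturating variant suits a control loop that must always produce a bounded number. Either way, the decision about out-of-range input is made explicitly in code rather than left to the conversion.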


1997 - Mars Pathfinder

• Loss of science data caused by infrequent, mysterious, unexplained system resets experienced by the Rover

• Priority inversion bug in simultaneously executing processes

• Anomaly impossible to detect with black box testing
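The Pathfinder bullets above name a priority inversion that black-box testing could not reveal. The C program below is an added example written for this page, not code from the slides, from Critical Software or from the Pathfinder flight software. It runs a constructed three-task workload through a tiny discrete-time scheduler model twice, once with plain priority scheduling and once with priority inheritance, and returns the tick at which the high-priority task completes; the task set, priorities and work profiles are the example's own assumptions.

```c
/* Added example (not from the slides): a discrete-time scheduler model of
 * priority inversion on a shared resource, with and without priority
 * inheritance. The three-task workload is constructed for illustration;
 * it is not the Pathfinder task set. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NTASKS 3
#define MAX_TICKS 64

enum { LOW = 0, HIGH = 1, MEDIUM = 2 };

typedef struct {
    const char *name;
    int prio;            /* base priority, larger = more urgent */
    int arrival;         /* tick at which the task becomes ready */
    const char *profile; /* one char per unit of work: 'C' inside the
                            shared-resource critical section, 'N' outside */
    int done;            /* units of work completed so far */
    bool holds;          /* true while this task owns the resource */
} task_t;

/* Constructed workload: the low-priority task holds the resource for three
 * units, the high-priority task then needs it, and a medium-priority task
 * with no interest in the resource arrives while the low one still holds it. */
static const task_t workload[NTASKS] = {
    [LOW]    = { "low",    1, 0, "NCCCN", 0, false },
    [HIGH]   = { "high",   3, 2, "C",     0, false },
    [MEDIUM] = { "medium", 2, 3, "NNNNN", 0, false },
};

static bool finished(const task_t *t) { return t->profile[t->done] == '\0'; }
static bool wants_resource(const task_t *t) {
    return !finished(t) && t->profile[t->done] == 'C';
}

/* Runs the workload and returns the tick at which the high-priority task
 * completes, or -1 if it never does within MAX_TICKS. With use_pi set, the
 * resource holder temporarily inherits the priority of any higher-priority
 * task it is blocking (priority inheritance). */
int high_task_completion_tick(bool use_pi) {
    task_t tasks[NTASKS];
    memcpy(tasks, workload, sizeof tasks);

    for (int t = 0; t < MAX_TICKS; t++) {
        int holder = -1;
        for (int i = 0; i < NTASKS; i++) if (tasks[i].holds) holder = i;

        /* Effective priorities: base, plus inheritance when enabled. */
        int eff[NTASKS];
        for (int i = 0; i < NTASKS; i++) eff[i] = tasks[i].prio;
        if (use_pi && holder >= 0) {
            for (int i = 0; i < NTASKS; i++) {
                bool blocked = i != holder && t >= tasks[i].arrival &&
                               wants_resource(&tasks[i]);
                if (blocked && tasks[i].prio > eff[holder]) eff[holder] = tasks[i].prio;
            }
        }

        /* Dispatch the runnable task with the highest effective priority. */
        int pick = -1;
        for (int i = 0; i < NTASKS; i++) {
            const task_t *tk = &tasks[i];
            if (t < tk->arrival || finished(tk)) continue;
            if (wants_resource(tk) && holder >= 0 && holder != i) continue; /* blocked */
            if (pick < 0 || eff[i] > eff[pick]) pick = i;
        }
        if (pick < 0) continue; /* idle tick */

        task_t *run = &tasks[pick];
        if (wants_resource(run)) run->holds = true;            /* acquire or keep */
        run->done++;
        if (run->holds && !wants_resource(run)) run->holds = false; /* release */
        if (pick == HIGH && finished(run)) return t + 1;
    }
    return -1;
}

int main(void) {
    printf("high task completes at tick %d without priority inheritance\n",
           high_task_completion_tick(false));
    printf("high task completes at tick %d with priority inheritance\n",
           high_task_completion_tick(true));
    return 0;
}
```

Without inheritance the medium-priority task, which never touches the resource, preempts the low-priority holder and the high-priority task waits for the whole of the medium task's run; with inheritance the holder finishes its critical section first and the high task's delay is bounded by that section's length. A test that only exercises each task in isolation never sees the difference, which is the point of the "black box testing" bullet.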



1999 - Mars Polar Lander

• Landed at 22 meters per second

• Shutdown of descent engines 40 meters above the surface

• Software identified vibrations as surface touchdown

• Although known, the software did not account for it

Programme "was under funded by at least 30%."

"The software—intended to ignore touchdown indications prior to the enabling of the touchdown sensing logic—was not properly implemented […]"
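The quote above says the lander was meant to ignore touchdown indications before the sensing logic was enabled, and did not. The C program below is an added example written for this page, not code from the slides, from Critical Software or from the Mars Polar Lander flight software. It models that logic in a faulty form, where a spurious leg-sensor reading is latched before the enable altitude and fires as soon as sensing is enabled, next to a guarded form that discards pre-enable readings and requires consecutive confirmation. The sensor trace, the sample structure and the function names are the example's own assumptions; the 40 m enable altitude is taken from the slide.

```c
/* Added example (not from the slides): a simplified touchdown-sensing
 * state machine in a faulty and a guarded form. The descent trace is
 * constructed for illustration and is not Mars Polar Lander telemetry. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct {
    double altitude_m;   /* estimated altitude at this sample */
    bool   leg_contact;  /* raw reading of the leg touchdown sensor */
} sample_t;

#define ENABLE_ALTITUDE_M 40.0  /* from the slide: sensing enabled at 40 m */

/* Constructed descent: a one-sample transient at leg deployment, then a
 * clean run until real contact at 0 m. */
static const sample_t descent[] = {
    { 1500.0, false }, { 1480.0, true  }, /* transient from leg deployment */
    { 1460.0, false }, {  800.0, false }, {  200.0, false },
    {   40.0, false }, {   30.0, false }, {   10.0, false },
    {    0.0, true  }, {    0.0, true  },
};
#define N_SAMPLES (sizeof descent / sizeof descent[0])

/* Faulty logic: the indicator is latched from the first sample, and only
 * the engine-shutdown decision waits for the enable altitude. The stale
 * latch from the transient therefore fires the moment sensing is enabled.
 * Returns the altitude at which engines are cut, or -1 if never. */
double shutdown_altitude_faulty(const sample_t *s, size_t n) {
    bool latched = false;
    for (size_t i = 0; i < n; i++) {
        if (s[i].leg_contact) latched = true;
        bool sensing_enabled = s[i].altitude_m <= ENABLE_ALTITUDE_M;
        if (sensing_enabled && latched) return s[i].altitude_m;
    }
    return -1.0;
}

/* Guarded logic: readings above the enable altitude are discarded rather
 * than latched, and touchdown is declared only after two consecutive
 * confirming samples once sensing is enabled. */
double shutdown_altitude_guarded(const sample_t *s, size_t n) {
    int consecutive = 0;
    for (size_t i = 0; i < n; i++) {
        bool sensing_enabled = s[i].altitude_m <= ENABLE_ALTITUDE_M;
        if (!sensing_enabled) { consecutive = 0; continue; }
        consecutive = s[i].leg_contact ? consecutive + 1 : 0;
        if (consecutive >= 2) return s[i].altitude_m;
    }
    return -1.0;
}

int main(void) {
    printf("faulty logic cuts engines at %.0f m\n",
           shutdown_altitude_faulty(descent, N_SAMPLES));
    printf("guarded logic cuts engines at %.0f m\n",
           shutdown_altitude_guarded(descent, N_SAMPLES));
    return 0;
}
```

The defect is a state-lifetime error rather than a sensor error: the indication was legitimate data at the wrong time, and the fix is to scope the latch to the window in which it is meaningful. A unit test that feeds the transient trace through both functions catches the difference; a test that starts the trace below 40 m does not.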


2006 – Mars Global Surveyor

• Loss of contact after a command to adjust the power panels

• Overheating batteries led to complete power depletion

• Failure to relay communications

• Flaw in software parameter update

"The loss of the spacecraft was the result of a series of events linked to a computer error made five months before the likely battery failure"

"We are making an end-to-end review of all our missions to be sure that we apply the lessons learned from Mars Global Surveyor to all our ongoing missions"

Lessons Learnt


Lessons…

• Software errors are latent design errors

• Complexity of software

• Performance optimizations

• Reusing qualified software is not necessarily safe

• The human coding component still has a huge weight in the process

• Budget and schedule constraints are enemies of “perfection”

Learnt?

Future Space Missions


Space in the 21st Century

Year  Mission
2020  Landing Moon
2030  Landing NEO
2035  Permanent Lunar Base
2040  Landing Mars
2040  SSTO Launcher
2070  Landing Europa (Jupiter)
2090  Permanent Martian Base
2090  Landing Enceladus (Saturn)

Human Exploration


Human Exploration

• Longer missions

• Science-Astronaut roles

• Robotic support

• Independent initiative

Mixed-initiative Environments / Human-Centered Computing

• More potential execution paths dependent on a continuous stream of human inputs

• Understandable and predictable

• Current Development and V&V methods are inadequate


Autonomous Spacecraft and Rovers

• Adaptable (smarter) and self-reliant (independent) in harsh and unpredictable environments

• Robust and autonomous software

• Highly responsive

• Complex navigation skills

• More “execution paths”

• Increasing “behavior” possibilities

• Autonomous onboard science capability

• Communication requirements

• Increasing processing power and capability

• Complexity increase


Influencing (and Risk) Factors

• Cost-effectiveness

– Increased complexity

– Tightly coupled

• Human-Centered Computing

– Paradigm shift

• Software already poses considerable risks

– Reluctance in adoption

– Hurdle in deploying new technologies

– Need for V&V in specific contexts

The Future of Software Role


Exponential Growth

Mission          Launch Year  Thousands of SLOC
Voyager          1977         3
Galileo          1989         8
Cassini          1997         32
Mars Pathfinder  1997         160
Space Shuttle    2000         430
ISS              2000         1700


Objective

[Chart: Software Errors (vertical axis, ticks 0.01, 0.1, 1, 10, 100) against Lines of Code (horizontal axis, ticks 1k, 10k, 100k, 1M, 10M), with curves labelled SW Development and SW Testing; annotated values 0.25 and 100.]

Software Development


Improve Cost and Schedule

• Software Construction Technology

– Autocoders

– Rapid Development Environments

• Approach breaks down for Mission-Critical or Safety-Critical Software

– Certification costs dominate development costs

– Certification needs to be done at a higher level and then translated to the lower level


Improve Cost and Schedule

• Building Block (Software)

– Clear; Performant; Self-contained; Quality; Applicability; Repeatability; Relevant; Reuse; COTS

• Based on well-defined Specifications & Interfaces derived from an agreed Reference Architecture

– Streamlined development

– Stimulate development

– Standardize avionics


Increase Reliability

• Increase Reliability as Complexity Increases

– Development for Certification

– Technology that ensures reliability and addresses certification issues

• Changing Software Construction Technology

• Changing Software Development Processes and Approaches

Software Testing


Engineering Techniques

[Diagram with boxes: Functional System, Develop System, System Design, Develop Hardware, Develop Software, Assess Safety; connecting labels: Intended System Functionality, Allocated Functional Requirements, Implementation, Functional Failure and Safety Information.]


RAMS (Reliability, Availability, Maintainability and Safety)

• Set of techniques and analyses to assess the safety and dependability of a system

• When applied early enough in the development life cycle, can have a major impact on decisions regarding the design of sub-systems, contributing to a more dependable and safe system that can be designed and developed at a lower cost

• Great engineering support during requirements and architecture phases – input for requirements completeness and coherence


Verification & Validation

• Involve the final user, system, hardware and software development, and are present from the planning of a system to the acceptance of the functional system against the intended system functionality

• Guarantee that the system is free of faults and performs according to its specifications

• Applicable to all levels / early error detection


Formal Methods

• The use of mathematical techniques to ensure that a design conforms to some precisely expressed notion of functional correctness

• Requirements and early system prototypes can all be represented in rigorous notations which are amenable to automatic verification techniques/tools

• The added cost is compensated by a much more powerful verification

About Us


CORPORATE PRESENTATION

• Spin-off of the University of Coimbra, July 1998

• Military and Civil Markets with customers around the globe

• Offices in Europe, US, South America and Africa with more than 450 engineers

• Fast growth achieving USD 26M annual turnover in 2009

CRITICAL SOFTWARE AT A GLANCE: DEPENDABLE SOLUTIONS FOR BUSINESS AND SAFETY CRITICAL APPLICATIONS


CORPORATE PRESENTATION – OFFICE LOCATIONS

EUROPE: Coimbra, Portugal; Lisboa, Portugal; Porto, Portugal; Southampton, UK; Yeovil, UK
BRAZIL: Sao Paulo, Brazil
USA: San Jose, CA, USA
PSAC

CORPORATE PRESENTATION – CUSTOMERS AND GEOGRAPHICAL MARKETS


CORPORATE PRESENTATION – FINANCIAL FIGURES

• High-growth profile (organic) – 26M in 2010

• Good capacity to generate wealth – EBITDA between 7% and 21% from year one

– Re-investment of all generated wealth

• Strong investment in R&D – 10% of turnover

[Chart: Turnover in million USD, 2006 to 2010; values as extracted: 7, 13, 20, 24, 24, 26.]

CORPORATE PRESENTATION – THE COMPANY’S STRATEGIC PILLARS

CORPORATE PRESENTATION – MARKETS

Space – Space Segment and Launchers, Ground Segment, User Segment


SPACE SEGMENT AND LAUNCHERS

Supplier of software solutions, certifiable services and products for subsystems and interfaces since 1998.

Safety Critical development of software solutions (real time and embedded, satellite on-board software), real-time systems (specification, design and development, distributed architectures, IMA and data distribution services) and advanced engineering (parallel computing, control engineering and programmable logic);

Safety Critical Validation: system/software V&V and RAMS, safety critical assessment (on-board and airborne systems); software certification (ARP4754/ARP4761 for airborne and ECSS Q-40 and NASA STD-8719.13 for on-board systems) and software certification support (DO-178B);

Critical track record includes work with the four main space agencies: ESA, NASA, JAXA, CASC.


SPACE SEGMENT AND LAUNCHERS – ESA SENTINEL MISSIONS

Sentinel-1
C-Band SAR payload following a Sun-Synchronous orbit with a 12 days repeat cycle.
Critical Software is responsible for the ISVV.

Sentinel-2
Multispectral instrument spanning from visible to near-infrared; follows a Sun-Synchronous orbit with 5 days revisit time.
Critical Software is responsible for the development of the on-board Central Software (AOCS, MSI and THC Subsystems)

Sentinel-3
Four scientific instruments (OLCI, SLSTR, SRAL and MWR) following a Sun-Synchronous orbit with a 27 days repeat cycle.
Critical Software is responsible for the development of the on-board Central Software (MAS and parts of the SMS)


GROUND SEGMENT

Supplier of software solutions for mission control, modelling, simulation and control and intelligence (C2I).

Mission Control Systems (SCOS-2000 Monitoring & Control System);
Mission Planning Systems;
Payload Data Processing;
Simulation systems, particularly Operational Simulators and Validation Facilities, to support the validation of both Spacecraft Instruments and subsystems as well as Ground Control Systems

Critical track record includes work with ESA and main European primes in the Ground Segment Domain.


GROUND SEGMENT – TECHNOLOGY HARMONISATION – REFA GS SW

Challenge
– Reduce diversity of products used in the ground segment and improve interoperability

Solution
– Specify standard functions, interfaces and services using a methodology which combines RM-ODP, SOA and MDA
– Usage of Platform Independent Models (PIM) and Platform Specific Models (PSM)

Benefit
– High Level Requirements for the Ground Systems Software.
– Reference Architecture for Ground Segment Systems encompassing Information, Service and Interface Model
– Standard ICDs which can be reused in a wide variety of ESA Missions


USER SEGMENT

Supplier of Earth Observation solutions and Downstream and User Segment services.

Earth Observation Emergency Services: fire monitoring, burned areas, landslides and flooding mapping;

Earth Observation Land Services: land cover and land use, desertification monitoring, forestry management, spatial planning (forecast and urban land use planning); water monitoring (water balance, flow rates and depths of rivers and lakes, soil moisture level);

Critical track record includes work with the Portuguese Ministry of the Interior, pulp and paper producers, ESA, the Portuguese Navy, the European Community and the World Bank.


USER SEGMENT – RIO DE JANEIRO LANDSLIDE PREVENTION

Challenge
— Demonstrate the usage of VHR imagery in the identification and classification of housing built in order to:
  Improve urban development (identify vacant, under-utilized or industrial areas, along new transport investments, for housing development);
  Define flooding scenarios on low-lying areas;
  Support the identification of housing built on areas at risk of floods (low-lying areas) or landslides (steep hills).
— Integrated in the EO World initiative for the State of Rio de Janeiro

Solution
— Provision of high resolution DEM and slope maps
— Production of VHR Land Use with hierarchical nomenclature for multi-scale analysis and applications
— Flood risk scenarios based on Land Use, DEM and historical meteorological data
— Landslide risk areas

Benefit
— Act preventively to discourage informal settlement in risk areas
— Identification of land for further urban development

Specialized Engineering


SPECIALISED ENGINEERING – OVERVIEW

[Diagram: Safety Critical Software Development; Verification and Validation; Reliability, Availability, Maintainability and Safety Analysis; Simulation Systems; Specialized Engineering; Safety Critical Validation.]


SPECIALISED ENGINEERING – OUR APPROACH

SPECIALISED ENGINEERING SERVICES: ENGINEERING SKILLS, DOMAIN KNOWLEDGE, SOFT SKILLS

• FLEXIBILITY AND EFFICIENCY

• HIGH QUALITY STANDARDS

• MATURE PROCESSES

• TECHNOLOGICAL KNOW-HOW

• INDUSTRY SPECIFIC KNOW-HOW

• RELEVANT EXPERIENCE


Paulo Guedes – Business Development Manager
[email protected]
Rua Eng. Frederico Ulrich, nº 2650
4470-605 Moreira da Maia
Portugal
www.criticalsoftware.com